/build/static/layout/Breadcrumb_cap_w.png

Scripting Question


How to determine which devices have the user as a local admin?

09/15/2016 1146 views
Would like to first determine which devices have the employee as a local admin and then remove those rights. I see script for the Removal of Admin Rights but I need to know how to determine which ones have that scenario. Is there a process already establish for this?
0 Comments   [ + ] Show comments

Comments


All Answers

0
Hello, You would need to create a Custom Inventory Rule to accomplish this, executing maybe a wmic command or a VBS script. You could use this with ShellCommandReturnText (cmd /c NET LOCALGROUP Administrators) on a Custom Inventory Rules or distribute a BAT with the follow:

    FOR /F "delims=[]" %%A IN ('NET LOCALGROUP Administrators ˆ| FIND /N "----"') DO SET HeaderLines=%%A
    FOR /F "tokens=*"  %%A IN ('NET LOCALGROUP Administrators') DO SET FooterLine=%%A
    NET LOCALGROUP Administrators | MORE /E +%HeaderLines% | FIND /V "%FooterLine%"

Then execute the ShellComandReturnText
Answered 09/15/2016 by: Ericenri
Senior Purple Belt

0
see this to create the CIR's
http://www.itninja.com/blog/view/create-a-cir-to-get-a-clean-list-of-your-local-admins-and-then-filter-out-the-it-approved-admins-also-presented-at-dell-world-user-forum-2014-lessions-from-the-field

then all you need is a kscript to run a
net user [<UserName> [/delete]]

if you want to remove admin rights from the current logged in user you can us this script (run as system)


if you want to add admin rights from the current logged in user you can us this script (run as system)

Answered 09/19/2016 by: SMal.tmcc
Red Belt

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ